Monitoring data as outreach evidence (without being creepy)

A prospect replied to one of our score-band emails with a single line: "How long have you been watching our site?"

They were not angry about the LCP number; they were angry about the vibe. The audit was accurate and the mobile score was poor, but the message still read like surveillance because we named three URLs they had never shared with us, opened with "we noticed," and offered no obvious way to opt out.

That reply forced a policy conversation we should have had before the first batch went out. Monitoring data and prospecting data overlap, but ethical boundaries do not follow automatically. Public PageSpeed results are not private intelligence. How you frame them in performance audit outreach still decides whether you sound like a consultant or a stalker.

Below is the line we draw now: what monitoring evidence is fair to use, what we leave out of website speed audit cold email, and how we keep PageSpeed prospecting repeatable without feeling predatory.

Performance audit outreach: public evidence vs private inference

Most PageSpeed prospecting starts from URLs you could type into a browser yourself. Lab scores, Lighthouse diagnostics, and often CrUX field summaries for high-traffic origins are observable without credentials. That is the legitimate foundation.

Where teams cross into "creepy" is not the PSI run. It is the story around it:

• Implying you tracked them over time when you ran one lab test yesterday.
• Referencing pages that look like you crawled their entire sitemap for ammunition.
• Naming internal staging hosts, preview URLs, or employee-only paths that should never appear in cold mail.
• Claiming field data you do not have ("your customers are abandoning checkout") when you only saw a lab INP spike on a generic homepage.

We treat outreach evidence as what a prospect could verify in five minutes with PageSpeed Insights, plus our one-page report that shows the same source. If we cannot point to that shared surface, it does not go in the first email.

PageSpeed prospecting: lines we will not cross

After the "how long have you been watching" reply, we wrote explicit don'ts for anyone sending automated performance reports in outreach:

1. No contact scraping in the first touch. If we do not have a lawful basis to email someone, we do not email them because their homepage scored 40. Performance data is not consent.
2. No fake familiarity. Ban openers like "I was just on your site" when the sender never was. Say "we ran a PageSpeed audit on [URL]" instead.
3. No batch-size bragging. Do not mention how many sites you analysed this week. It signals batch outreach even when the observation is valid.
4. No competitor dunking by name in cold mail unless the prospect raised competitors. Compare metrics to thresholds, not to "Brand X."
5. No re-send loops on rejection. A "not interested" or spam complaint moves the record to rejected with a reason. Refreshing the score and emailing again is harassment dressed up as diligence.

These rules live in your playbook, not in the product settings. The workflow on our blog covers analyse → report → qualify → reach out; this post covers what humans agree not to say while they use it.

Website speed audit cold email: helpful vs surveillance tone

The same LCP figure can read two ways:

Surveillance tone: "We noticed your mobile LCP is 4.8s across /pricing, /demo, and /blog/category/updates. Your users are suffering."

Consultant tone: "We ran PageSpeed Insights on your homepage (mobile). LCP is 4.8s in lab, above the 2.5s guideline. That usually means hero or font load on first paint. Worth a look if mobile traffic matters to you."

Same data. Different trust outcome.

Patterns that helped replies without feeling invasive:

• One URL in the opener, the URL you would defend on a call, not the whole crawl list.
• Name the tool (PageSpeed Insights / Lighthouse lab) so they know how you know.
• Attach or link one report, time-limited, instead of pasting every failing metric into the body.
• One next step, low friction: reply, book 15 minutes, or ignore with no follow-up guilt trip.

If you need score-band templates as a starting point, the Watcher workflow post walks through qualification and messaging bands. This Hashnode piece is the tone guardrail on top.

One-page outreach reports: what belongs in the PDF

A one-page lead report works in outreach when it behaves like a gift, not a dossier.

Include:

• Mobile and desktop snapshot for the agreed URL(s).
• Top failing Core Web Vitals or lab metrics with plain-language "what this means."
• Three prioritised fixes you would actually propose.
• Your agency name, date, and how to reply.

Omit:

• Full sitemap tables unless the prospect asked for a portfolio audit.
• Weeks or months of history that imply you monitored them before contact.
• Traffic or revenue guesses from third-party estimators.
• Screenshots of their site with red circles on branding elements (reads like a shaming slide deck).

Share links should expire. Public share URLs are convenient; they also feel less like you dropped a permanent file in their inbox uninvited when the link has a visible expiry.

Core web vitals lead generation without manufactured urgency

Poor scores tempt exaggeration: "Your SEO is doomed" and "you are losing thousands daily" are easy sentences, and they are also why performance audit outreach gets lumped with spam.

We qualify by score band, but the email must match what the report actually shows:

• Poor band: cite the failing metric and one business-adjacent consequence you can defend (slow first paint on a landing page, not "Google will delist you tomorrow").
• Fair band: frame as prioritisation, not catastrophe.
• Strong band: offer regression monitoring, not fake problems.

If CrUX field data is missing for the URL, say so. Lab-only outreach is still valid when you label it lab-only, but implying real-user certainty you do not have is the fastest way to lose technical buyers.

For the full batch workflow (analyse, report, qualify, reach out), see The PageSpeed prospecting workflow. For why monitoring habits transfer to prospecting at all, start with From monitoring to pipeline.

Sell performance audits agency teams: who sends, who reviews

Creepy outreach often comes from a handoff gap, not malice. An analyst generates fifty reports; a junior SDR blasts templates without reading them; a technical lead would never have sent half the observations.

Our fix was boring and effective:

• Analyst owns accuracy: URL choice, mobile + desktop run, report generation.
• Sender owns tone: they must read the report before send; one concrete observation in their own sentence.
• Lead reviews first batch weekly: flag messages that sound like surveillance; update the banned phrase list.

We also stopped letting prospecting run on a different domain list than we would show the prospect on a call. If you would not walk a CEO through a URL on screen, it should not appear in line one of cold email.

Opt-out, rejection, and when to stop follow-up

Ethical PageSpeed prospecting needs an exit ramp:

• Unsubscribe or "not interested" → rejected stage, no score refresh emails.
• No reply after agreed sequence → stop. Note outcome; do not restart because LCP moved 0.2s.
• Wrong contact → delete personal email from notes; do not swap in another address from LinkedIn scraping.

Rejected is a success state when it prevents a complaint. Document the reason in the lead record so the next person on the team does not repeat the mistake.

Internal checklist before the next batch goes out

Run this on ten draft emails before you hit send:

1. Could the prospect reproduce our main claim with PSI in five minutes?
2. Did we cite one URL, not a sitemap dump?
3. Did we name the tool and strategy (lab mobile/desktop)?
4. Is there a single CTA and an honest opt-out?
5. Would we be comfortable if they forwarded the email to their legal team?

If any answer is no, rewrite the opener, not the report.

Next step: write your "we do not" list before your next score-band templates

Copy the five don'ts from this post into your prospecting doc. Add two that match your market (regulated verticals, EU contacts, etc.). Then open your score-band templates and delete every phrase that implies ongoing surveillance.

Run one batch of ten with a human read on every send. Track reply quality, not just reply rate. The goal of monitoring data in outreach is credible evidence, not discomfort.

For the strategic case and step-by-step workflow, use the two Watcher posts linked above.

Evidence in public. Respect in the message. Stop when they say stop.